CASE STUDY

Mitigating Advanced Threat Actors: Gaining Access to Closed Groups to Gain Insight into Vulnerability Disclosure and Further Litigation

by | Oct 1, 2020 | Case Study, Outside Intel

The Challenge

A retail client asked for our assistance in identifying an individual, also a paying customer, who had written a Python script that scraped a backend server. The same customer had previously published a Wi-Fi vulnerability present at the company's US offices. The client was aware of closed forums where this customer and other potential threat actors exchanged ideas about denigrating the client's reputation, and asked Nisos to help understand the nature of the threat.

Why Nisos

The client's security team did not have the ability to gain this access on its own. It needed a partner that could not only get into closed forums, but do so discreetly and in a targeted fashion to uncover intelligence about specific threats to the client.

Preparation

Using mis-attributable internet capabilities, we gained access to a closed group of customers and employees who were discussing legal action against the client. Many of the group members were also identified in another chat channel discussing how to obtain insider information from the client's employees. Using this close access to the group, we were able to engage the actor online and build rapport.

Execution

Through direct interaction, we were able to identify the individual and determine the method he used to scrape the backend server. After gaining access to a global chat channel with client customers from around the world, we also identified US customer grievances over payment during the COVID-19 pandemic.

Customers were discussing additional withholding and cancellation fees, as well as potential legal action against the client. We collected chat logs documenting the group's plans and intentions for the client's counsel to review.

Impact

The company used this information to contact the individual and obtained further vulnerability details about the Python script, which the client was then able to escalate through its patch management process and avoid an incident. The client was also able to use other information collected from the chat sessions in administrative legal reviews of employee conduct.

About Nisos

Nisos is the Managed Intelligence company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com
